[PATCH BlueZ 1/3] shared/rap: fix use of uninitialized value

[PATCH BlueZ 1/3] shared/rap: fix use of uninitialized value

[Pauli Virtanen]

Fix error handling in send_ras_segment_data
---
 src/shared/rap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/shared/rap.c b/src/shared/rap.c
index b554726b0..145da2060 100644
--- a/src/shared/rap.c
+++ b/src/shared/rap.c
@@ -1096,7 +1096,6 @@ static void send_ras_segment_data(struct bt_rap *rap,
 	uint16_t value_max;
 	const uint16_t header_len = ras_segment_header_size;
 	uint16_t raw_payload_size;
-	bool ok;
 
 	if (!rap || !proc)
 		return;
@@ -1128,6 +1127,7 @@ static void send_ras_segment_data(struct bt_rap *rap,
 		uint16_t seg_len;
 		uint8_t *seg;
 		uint16_t wr = 0;
+		bool ok = true;
 
 		if (index > total_len)
 			index = total_len;
@@ -1180,7 +1180,7 @@ static void send_ras_segment_data(struct bt_rap *rap,
 						wr, bt_rap_get_att(rap));
 
 		/* Try sending to on-demand characteristic */
-		if (ras->ondemand_chrc)
+		if (ras->ondemand_chrc && ok)
 			ok = gatt_db_attribute_notify(ras->ondemand_chrc, seg,
 						wr, bt_rap_get_att(rap));
 
-- 
2.54.0

[PATCH BlueZ 2/3] sdp: Fix integer overflow in sdp_extract_seqtype

[Pauli Virtanen]

Check uint32_t value does not overflow int range.

Link: https://lore.kernel.org/linux-bluetooth/ygH6bncNsvf-0Hco92Ae11Lw8-jOfekFO6O3bUvFK8w0DTueny_rwJIF6ffZg2G_XCB4v8h8xRIcAL2b_KwaweNcGa231ZQDHCMpzyvR5i8=@fluentlogic.org/
---
 lib/bluetooth/sdp.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/bluetooth/sdp.c b/lib/bluetooth/sdp.c
index 7210ce0b4..8c0865398 100644
--- a/lib/bluetooth/sdp.c
+++ b/lib/bluetooth/sdp.c
@@ -1214,6 +1214,7 @@ int sdp_extract_seqtype(const uint8_t *buf, int bufsize, uint8_t *dtdp, int *siz
 {
 	uint8_t dtd;
 	int scanned = sizeof(uint8_t);
+	uint32_t val32;
 
 	if (bufsize < (int) sizeof(uint8_t)) {
 		SDPERR("Unexpected end of packet");
@@ -1249,7 +1250,12 @@ int sdp_extract_seqtype(const uint8_t *buf, int bufsize, uint8_t *dtdp, int *siz
 			SDPERR("Unexpected end of packet");
 			return 0;
 		}
-		*size = bt_get_be32(buf);
+		val32 = bt_get_be32(buf);
+		if (val32 > INT_MAX) {
+			SDPERR("Invalid size");
+			return 0;
+		}
+		*size = val32;
 		scanned += sizeof(uint32_t);
 		break;
 	default:
-- 
2.54.0

[PATCH BlueZ 3/3] main.conf: fix unintentionally set value

[Pauli Virtanen]

Commit 31e4fb1498f ("monitor: Add decoding support for HIDS 1.1 flags
and attributes") unintentionally set a non-default value in main.conf.

Restore the value back.
---
 src/main.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main.conf b/src/main.conf
index 39584e225..5846ef92d 100644
--- a/src/main.conf
+++ b/src/main.conf
@@ -289,7 +289,7 @@
 # Export claimed services by plugins
 # Possible values: no, read-only, read-write
 # Default: read-only
-ExportClaimedServices = read-write
+#ExportClaimedServices = read-only
 
 # Security level:
 # Sets security level of ATT channel, setting security anything other than
-- 
2.54.0

RE: [BlueZ,1/3] shared/rap: fix use of uninitialized value

[bluez.test.bot]

[-- Attachment #1: Type: text/plain, Size: 3156 bytes --]

This is automated email and please do not reply to this email!

Dear submitter,

Thank you for submitting the patches to the linux bluetooth mailing list.
This is a CI test results with your patch series:
PW Link:https://patchwork.kernel.org/project/bluetooth/list/?series=1096012

---Test result---

Test Summary:
CheckPatch                    FAIL      1.44 seconds
GitLint                       FAIL      1.04 seconds
BuildEll                      PASS      20.18 seconds
BluezMake                     PASS      606.71 seconds
MakeCheck                     PASS      1.05 seconds
MakeDistcheck                 FAIL      219.28 seconds
CheckValgrind                 PASS      203.90 seconds
CheckSmatch                   PASS      326.52 seconds
bluezmakeextell               PASS      166.47 seconds
IncrementalBuild              PASS      628.84 seconds
ScanBuild                     PASS      974.54 seconds

Details
##############################
Test: CheckPatch - FAIL
Desc: Run checkpatch.pl script
Output:
[BlueZ,3/3] main.conf: fix unintentionally set value
ERROR:GIT_COMMIT_ID: Please use git commit description style 'commit <12+ chars of sha1> ("<title line>")' - ie: 'Commit 31e4fb1498f4 ("monitor: Add decoding support for HIDS 1.1 flags and attributes")'
#88: 
Commit 31e4fb1498f ("monitor: Add decoding support for HIDS 1.1 flags
and attributes") unintentionally set a non-default value in main.conf.

/github/workspace/src/patch/14577223.patch total: 1 errors, 0 warnings, 8 lines checked

NOTE: For some of the reported defects, checkpatch may be able to
      mechanically convert to the typical style using --fix or --fix-inplace.

/github/workspace/src/patch/14577223.patch has style problems, please review.

NOTE: Ignored message types: COMMIT_MESSAGE COMPLEX_MACRO CONST_STRUCT FILE_PATH_CHANGES MISSING_SIGN_OFF PREFER_PACKED SPDX_LICENSE_TAG SPLIT_STRING SSCANF_TO_KSTRTO

NOTE: If any of the errors are false positives, please report
      them to the maintainer, see CHECKPATCH in MAINTAINERS.


##############################
Test: GitLint - FAIL
Desc: Run gitlint
Output:
[BlueZ,2/3] sdp: Fix integer overflow in sdp_extract_seqtype

WARNING: I3 - ignore-body-lines: gitlint will be switching from using Python regex 'match' (match beginning) to 'search' (match anywhere) semantics. Please review your ignore-body-lines.regex option accordingly. To remove this warning, set general.regex-style-search=True. More details: https://jorisroovers.github.io/gitlint/configuration/#regex-style-search
5: B1 Line exceeds max length (171>80): "Link: https://lore.kernel.org/linux-bluetooth/ygH6bncNsvf-0Hco92Ae11Lw8-jOfekFO6O3bUvFK8w0DTueny_rwJIF6ffZg2G_XCB4v8h8xRIcAL2b_KwaweNcGa231ZQDHCMpzyvR5i8=@fluentlogic.org/"
##############################
Test: MakeDistcheck - FAIL
Desc: Run Bluez Make Distcheck
Output:

make[4]: *** [Makefile:10239: test-suite.log] Error 1
make[3]: *** [Makefile:10347: check-TESTS] Error 2
make[2]: *** [Makefile:10818: check-am] Error 2
make[1]: *** [Makefile:10820: check] Error 2
make: *** [Makefile:10741: distcheck] Error 1


https://github.com/bluez/bluez/pull/2130

---
Regards,
Linux Bluetooth